HIPAA Horror Story: Business Associate Breaches
Description
Why should a lawyer who doesn’t represent health care or insurance companies be concerned about HIPAA? One of the largest health care data breaches, which compromised nearly 25 million individuals’ records, didn’t occur at a hospital or clinic – it was the result of a billing/collection company breach.
Betsy Mountenay, analysis manager at Bloomberg Law who focuses on health care, interviews Iliana L. Peters, a shareholder and health law attorney at Polsinelli in Washington, DC. Peters is the former acting deputy director and senior advisor for HIPAA compliance and enforcement at the Department of Health and Human Services Office of Civil Rights.
Mountenay and Peters discuss how non-health care entities can violate HIPAA if they’re in a business associate relationship. According to a Bloomberg Law analysis, 25% of data breaches reported since 2016 happened on a business associate’s watch.
Congress is also starting to scrutinize the vendor selection process for health care companies. A wide variety of tech companies working with health care companies could be expected to have stronger HIPAA safeguards. At the same time, many medical-related apps providing services directly to consumers may not be covered under HIPAA.
Peters and Mountenay also discuss the enforcement areas that HHS and state agencies are focusing on.
Listen and subscribe to Law X.0 from your mobile device via Apple Podcasts, Stitcher, Overcast, or Spotify.
Hosts: Dori Goldstein and Meg McEvoy, Guest Host: Betsy Mountenay
Guest: Iliana Peters, shareholder and health care attorney at Polsinelli
Producer: RJ Jewell